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ABSTRACT 


The  goal  of-tiA  research  effort-*upported  by  the  Office  of  Naval 
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Research  under  Contract  N00014-80-C-0772  was  to  analyze  the  relation¬ 
ships  between  systea  structure  and  testability.  This  final  report 
deacribes  the  approach  that  was  followed  to  relate  structure  and  testa 
bility  and  presents  the  results  that  were  obtained. 
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INTRODUCTION 


The  complexity  of  current  electronic  systems  nsoelly  requires  these 
systeas  to  be  psrtitioned  into  a  nnaber  of  aore  asnsgesble  subsystems 
before  the  design  process  aay  proceed.  As  this  approach  is  applied  to 
the  design  of  each  subsystea,  the  resulting  design  becones  hierarchical 
in  nature.  Each  design  level  consists  of  interconnecting  subsystems 
from  a  lover  design  level  and  it  is  clear  that  under  these  constraints 
the  design  problea  is  basically  an  interconnection  problem. 

Systeas  aust  be  designed  not  only  to  aeet  desired  functional 
requireaents  but  also  to  be  reliable  and  easily  maintainable  .  It  is 
therefore  imperative  to  provide  efficient  procedures  which  allow  the 
user  to  (1)  ascertain  that  the  systea  is  performing  properly  prior  to 
use;  (2)  ascertain  that  the  systea  is  performing  properly  during  use; 
and  (3)  detect,  locate,  and  repair  the  cause  of  failures  when  they  do 
occur.  These  procedures  are  particularly  important  if  the  systea  is  to 
have  fault  tolerant  capabilities  sines  the  systea  aust  react  in  the 
proper  aanner  to  the  oecurrenee  of  faults.  Unfortunately  the  existence 
of  such  procedures  is  by  no  Beans  ensured,  and  even  when  they  exist,  the 
task  of  finding  thea  any  be  prohibitively  complicated. 

Since  the  design  problea  is  basically  an  interconnection  problea 
and  the  need  for  inherent  testability  is  essential,  it  follows  that  the 
interconnection  structure  aust  take  into  account  testability  con¬ 
straints.  This  is  true  whether  we  consider  the  functional  interconnec¬ 
tion  links  of  the  systea  or  an  additional  interconnection  structure 
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whose  only  fnnction  is  the  testing  of  the  systen.  In  either  esse  the 
designer  aust  take  into  eeeonnt  not  only  the  design  reqnirenents  of  the 
systen*  bnt  st  the  sane  tine  he  nnst  provide  for  fault  detection  and 
fault  loeation  capability.  Thus  the  analysis  of  the  testability  of 
interconnection  structures  is  aotivated  by  the  desire  to  facilitate  the 
deaiga  of  easily  testable  and  aaintainable  eonplex  systeas. 

Most  testing  approaches  require  intiaate  knowledge  of  systea  opera¬ 
tion  and  thus  require  the  application  of  specialized  stiauli  and  neas- 
ureaent  of  unique  responses.  Such  aethods  leave  few  areas  which  nay  be 
generalised  and  applied  to  other  systeas  and  few  areas  in  which  the 
analysis  of  the  systea  nay  be  sis^lified.  In  atteapt  to  generalize 
testing  probleas,  soae  approaches  have  ignored  the  analysis  of  the  sys¬ 
tea  functions  coapletely.  These  aethods  require  systeas  to  be  avail¬ 
able.  which  are  believed  to  be  fault  free  and  their  ezperiaental 
reeponse  to  noise  or  pseudo-randoa  stiauli  is  recorded  for  coaparison  to 
other  systeas.  Though  siaple  to  apply,  the  usefulness  of  this  approach 
is  difficult  to  evaluate  since  the  stiauli  and  responses  any  have  little 
in  coaaon  with  the  systea' s  noraal  functions. 

It  is  generally  true  that  subsysteas  are  aore  easily  (or  at  least 
leas  expensively)  tested  when  isolated  rather  than  eabedded  into  a  sys¬ 
tea.  It  is  therefore  the  interconnection  structure  which  coaplieates 
the  problea  by  liaiting  access  to  and  oreating  interdependencies  between 
subsysteas.  The  test  approaches  described,  however,  do  not  address  the 
fact  that  if  the  subsysteas  are  testable  when  isolated,  it  is  the  pro¬ 
cess  of  eabedding  then  into  a  larger  systea  which  has  coaplieated  the 
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tasting  procedures.  Clearly  if  the  larger  systea  provided  the  saae 
aeeeaa  to  the  subsystems  which  is  provided  when  the  subsysteas  were  iso¬ 
lated  the  testing  proeess  would  be  no  aore  eoaplicated  that  testing  each 
individual  subsystea.  This  never  occurs  and  in  faot  it  is  agreed  that 
the  foreaost  difficultly  related  to  testing  coaplex  syateas  is  that  the 
interconnection  structure  of  the  systea  often  renders  the  individual 
aubayateas  virtually  untestable.  This  is  as  true  of  coaplex  integrated 
circuits  as  it  is  of  complete  radar  systeas. 

In  both  the  testing  approaches  described,  the  interconnected  sub¬ 
systeas  are  treated  as  a  new  systea  and  the  task  of  testing  thea  as 
essentially  a  new  problea.  As suae,  however,  that  it  is  possible  to 
determine  testability  properties  of  the  interconnection  structure 
independently  froa  the  subsysteas  theaselves.  Then  using  these  proper¬ 
ties  and  the  knowledge  that  the  subsysteas  are  testable,  it  aay  be  pos¬ 
sible  to  develop  tests  for  the  entire  systea  with  only  liaited  knowledge 
of  the  systea' s  overall  function.  Thus  in-depth  analysis  of  the  systea 
has  been  avoided  without  approaching  the  task  of  test  generation  in  a 
haphasard  manner.  Indeed,  if  this  approach  is  taken  to  a  logical  con¬ 
clusion,  the  testability  of  only  the  aost  basio  circuit  coaponents  aust 
be  analysed  in  detail  since  aore  coaplex  systeas  aay  analysed  in  terns 
of  their  interconnections  between  testable  subsysteas. 

Thus  it  is  clear  that  not  only  is  it  bereficial  to  identify  inter¬ 
connection  structures  with  good  and  bad  testability  properties,  but  it 
is  also  advantageous  to  develop  analysis  aethods  for  the  testability  of 
general  interconnection  structures.  These  aust  necessarily  include 


utkodi  fox  the  analysis  of  (1)  a  structure's  theoretical  ability  to 
detect  faulta;  (2)  a  structure's  theoretical  ability  to  diagnose  (iso¬ 
late)  faults;  and  (3)  the  existence  of  efficient  algorithms  for  fault 
diagnosis. 

It  is  particularly  important  to  note  that  the  diagnosis  efficiency 
of  a  system  is  strongly  related  to  its  structure  and  could  be  an 
influential  factor  in  determining  the  system's  design.  The  diagnosis  of 
the  fault  situation  of  a  system  can  be  Tiewed  aa  a  syndrome  decoding 
problem,  that  is  the  location  of  a  fault  is  obtained  by  decoding  the 
syndrome  resulting  from  the  interaction  between  the  fault  and  the  system 


structure 
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RESEARCH  OBJECTIVES 

la  tits  area  of  testability  aad  fault  analysis  of  systems,  an  abun¬ 
dance  of  literature  and  several  survey  articles  are  available,  however, 
nearly  all  of  this  information  deals  only  with  isolated  testing  of  spe¬ 
cialised  subsystems.  Relatively  few  authors  (see  Appendix  II)  have 
chosen  to  approach  the  problem  of  fault  analysis  at  the  system  level  and 
in  terms  of  the  interconnection  structure.  Furthermore,  those  existing 
studies  have  often  relied  on  assumptions  which  are  not  met  by  real  sys¬ 
tems.  These  asswptions  have  included:  (1)  the  necessity  for  indepen¬ 
dent  test  interfaces;  (2)  the  requirement  that  all  units  of  the  system 
be  capable  of  evaluating  and  testing  any  other  unit;  (3)  the  assumption 
that  the  interconnection  links  are  fault-free;  and  (4)  the  requirement 
that  the  units  are  striotly  logical  (digital)  in  nature.  Ve  now  disouss 
briefly  these  assumptions  and  their  impact  on  system  design. 

The  need  for  additional  interfaces  for  testing  contributes  to  the 
system's  complexity  by  the  addition  of  extraneous  components  whose  only 
purpose  are  fault  detection  and  location.  Although  appealing,  this 
approach  suffers  several  serious  drawbacks:  (1)  the  additional  devices 
themselves  are  sources  of  possible  failures;  (2)  faulty  testing  devices 
may  result  in  incorrect  diagnosis  of  subsystems;  and  (3)  the  intercon¬ 
nection  links  used  during  normal  system  operation  may  not  be  tested. 

Hote  that  removing  or  isolating  a  subsystem  for  testing  not  only  does 
not  verify  its  communication  links,  but  if  a  failure  is  due  to  faulty 
contact  between  the  unit  aad  the  network,  removing  the  unit  may  actually 
remove  the  cause  of  the  failure. 
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The  requirement  that  any  subsystem  is  capable  of  testing  any  other 
snbsystem  is  nsnally  not  met  in  real  systems.  For  example,  a  radar  sys¬ 
tem  is  comprised  of  subsystems  whose  nature  and  capabilities  are  widely 
waried.  This  dissimilarity  in  function  limits  the  ability  of  certain 
modnles  to  evaluate  others.  From  a  testability  standpoint  this  is  also 
a  limitation  on  the  interconnection  structure.  So  although  we  leave  the 
task  of  determining  and  generating  the  proper  testing  stimuli  to  the 
manufacturers  of  these  subsystems,  it  is  clear  that  we  must  address  our¬ 
selves  to  the  problem  of  testing  various  dissimilar  modules  when  they 
are  interconnected  to  form  a  system. 

A  diagnosis  approach  which  does  not  consider  interconnection  link 
failure  leads  to  the  incorrect  diagnosis  of  single  or  multiple  subsystem 
failures  in  the  event  of  an  actual  link  failure.  This  results  in  the 
nnnecessary  removal  and  attempted  repair  of  nonfaulty  subsystems.  Thus 
it  is  important  to  distinguish  between  link  and  snbsystem  failure.  The 
ability  to  detect  and  isolate  a  faulty  link  is  even  more  critical  if  the 
system  has  the  capability  of  preserving  its  operation  by  rerouting  or 
ignoring  signals  normally  transmitted  through  that  link. 

Finally,  the  rapid  advances  in  digital  technology  has  led  many 
researchers  to  simplify  their  analyses  by  considering  only  logical  sub¬ 
system  types.  As  a  result,  most  of  the  fault  diagnosis  schemes 
developed  up  to  this  time  are  digital  in  nature  and  few  are  directly 
applicable  to  hybrid  systems,  i.e.  systems  which  consist  of  both  analog 
and  digital  components.  The  improvements  now  occurring  in  analog 
integrated  circuit  technology  have  renewed  interest  in  analog  fault 


detection  tad  location.  Thai  hybrid  or  specifically  analog  interconnec- 
tioa  atraetnras  whioh  bare  known  good  detection  and  fault  diagnosis  pro¬ 
perties  are  needed. 

Thus,  the  najor  task  to  which  we  have  addressed  ourselves  is  the 
following:  sssnaiag  that  the  snbsysteas  are  testable,  that  is,  we  know 
how  to  check  then  when  isolated,  we  anst  find  ways  to  ensure  that  we  nay 
still  evaluate  the  correctness  of  their  operation  when  they  are  enbedded 
into  the  systen.  Our  criteria  for  fault  detection  enphasizes  the 
overall  functional  operation  of  the  systen.  This  is  done  deliberately 
in  an  attenpt  to  reduce  the  dependency  of  onr  testability  nodels  npon 
the  individual  paraaetric  test  reqnireaents  of  isolated  snbsysteas. 

Thus  we  have  concerned  ourselves  with  a  systen' s  overall  functional 
reqnireaents,  but  have  avoided  dissuasion  of  specific  stinuli  generation 
and  response  neasurenent  problens. 


RESEARCH  RESULTS 


The  first  and  foreaost  objective  of  onr  research  effort  was  to  syn¬ 
thesize  a  class  of  testability  node la  powerful  enough  to  be  applicable 
to  a  wide  range  of  real  systeas  and  possessing  enough  structure  to  allow 
for  a  detailed  analysis  of  their  detectability  and  diagnosability  pro¬ 
perties.  Our  worh  has  lead  to  the  synthesis  of  a  systea  level  fault 
aodel,  the  HM  fault  aodel,  that  possesses  the  desired  properties.  In 
particular,  the  flexibility  of  the  aodel  allows  the  concept  of  aorphisa 
to  be  used,  even  in  situations  in  which  the  aorphic  properties  are  not 
initially  present.  That  worh  has  resulted  in  a  Ph.  D.  Dissertation  [8] 
and  several  papers  [2],  [3].  [5]  and  [61. 

The  second  objective  of  our  research  effort  was  to  develop  decoding 
algorithns  for  the  analysis  of  the  syndroaes  produced  by  the  interaction 
between  allowable  classes  of  faults  and  the  aodels  previously  defined. 
These  algorithns  are  necessary  to  inaure  the  efficient  location  of  the 
faulty  subsysteas  and  thus  to  facilitate  their  tinely  repair.  Our  work 
on  the  PNC  aodel  [PSE67]  and  the  BGM  aodel  [BAR76]  has  lead  us  to  recog¬ 
nise  that  a  aaxiaality  property  of  the  iaplied  faulty  sets  in  the  case 
of  the  PMC  aodel  [7]  [12].  to  propose  a  decoding  algoritha  for  the  BGM 
aodel  [10]  [11],  and  to  analyse  iterative  techniques  for  decoding  based 
on  partial  syndroaes  [4] . 


The  third  objective  of  our  research  effort  was  to  relate  the  effi¬ 
ciency  of  the  decoding  algorithns  to  the  eoaplexity  of  the  interconnec¬ 
tion  structures  of  the  aodels.  Our  approach  to  that  problea  was  to  use 
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the  HX  aodel  to  introduce  a  partial  ordering  on  the  family  of  system- 
level  fault  aodela.  The  reanlta  are  contained  in  [9]  and  ahow  that  a 
ayateaatic  claaaification  of  aodela  ia  poaaible  and  that  thia  classifi¬ 
cation  can  he  used  to  synthesize  decoding  algorithms. 

Finally,  ve  have  analyzed  [1]  a  class  of  transaission  models  pro¬ 
posed  by  Sogoaonyan  [SOG64]  and  we  have  shown  that  snch  models  may  be 
viewed  as  particular  case  of  the  HX  aodel  [8] . 

In  meeting  oar  research  objectives  we  have  accomplished  oar  goal  to 
provide  a  simplified  and  efficient  approach  to  the  design  of  testable 
complex  systems.  By  basing  onr  testability  measures  on  the  system's 
interconnection  structure,  we  have  emphasized  the  testability  of  subsys¬ 
tems  as  they  are  aetually  used,  i.e.  embedded  in  a  larger  system. 
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